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1 July 1989 


MEMORANDUM TOR: Chief, Policy and Plans Group 


STATINTL FROM: Ears , 
Deputy Director for Community Affairs 


SUBJECT: APEX - One System for Industry 


STATINTL 1. DC ——d has legitimate concerns. They continue 
to crop up in spite of many efforts to address them to the 
satisfaction of government and industry. [| seemsSTATINTL 
to be attempting to make another try at gaining recognition 
for the impact of APEX and gaining acceptance of that impact 
by the Community's senior management. He wants to start with 
CIA. 


2. I think his examples are extreme. They are not as 
awesome as first reading gives to suspect. Reviewing his 
examples, some comfort can be drawn from recasting his intent 
into words that are more familiar. 


3. When he speaks of CIA acceptance of: 


e "Navy background investigations", he means 
that when DIS investigates contractor personnel in 
accordance with DCID 1/14 that the CIA would, for 
example, permit the contractor to enter CIA on 
certification of his "access approval", and a state- 
ment of justification from a CIA host. We would 
accept the Navy's certification of [ Jaccess for STATINTL 
example. 
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e “Army physical inspection of SCI facilities", 
he means that on satisfactory completion of a Memo- 
randum of Understanding between CIA and Army on joint 
use of an APEX industrial facility, and an agreement 
that Army has the cog, that Army will be responsible 
for intermittent physical inspections and that CIA 
will not insist on doing its own. This issue is 
basically the heart of the current deliberation 
whether physical security standards should be "minimum" 
or “uniform 


@ ‘DoD adjudications of security investigations", 
he means DIS investigations and departmental or NSA 
adjudications putting us back in the scenario with the 
Navy above. 


@ "'NSA-granted exceptions of the 2 person rule", 
he means that if NSA waives the 2 person rule in an 
industrial facility and CIA wants to piggyback on the 
facility, we can't make NSA back off, nor can we insist 
that the facility change. But this type issue would be 
presented and discussed between NSA and CIA at time of 
drafting of the Memorandum of Understanding. 


® "AF periodic security examination of physical 
and procedural affairs'', he means that if CIA and AF 


agree on using an industrial facility_and AF has the 
cog, CIA accepts AF survey. While [~~~] original ly STATINTL 
included in this idea the concept that AF would do the - 


annual survey of documents belonging to CIA, he will 
be dissuaded. 


e® "Nondisclosure Agreement executed under NSA 
aegis", he means that there is only one Nondisclosure 
Agreement required in the APEX System. If NSA gets 
an industrial team signed up for SI, the team members 
will have to sign the APEX Nondisclosure Agreement. 
When CIA comes to the team with an [_]program, the STATINTL 
CIA will not require execution of another Nondisclosure 
Agreement. CIA may have the team execute a reminder 
that [ ]is part of APEX. 
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25X1 ® ee ee for access to a particular 

system", he means that if [ | for exampic, STATINTL 
STATINTL signs someone up for [____]and subsequently CIA wants 
STATINTL to talk[_____] with the chap, CIA will not insist on 

repeating the indoctrination, but will accept] STAT 


certification of access approval (or better yet, just 
check the chap's tickets on 4C and accept the evidence 
of the data base). 


e "DOE certification for a particular product 
access", he means that if the SIO of DOE says that one 
otf his people has a need-to-know for HUMINT product or 
IMAGERY product, that the man meets DCID 1/14 standards, 
has been given a security briefing and has signed a Non- 
disclosure Agreement, the CiA will not question any of 
this, but will accept the DOE certification. 


STATINTL 4, When L__...___]talks in paragraph 3 about Dof pre- 
paring implementing procedures to the approved APEX Security 
Policy Manual for Industry, he is acknowledging a couple of 
things. First, he is saying that APEX policy manual, now 
approved by NFIB calls for each department and agency to prepare 
implementing manuals, each of these implementing manuals will be 
reviewed by the APEX Steering Committee, of which [___Jis STATINTL 
Chairman, to make sure that all aspects of it meet the APEX 

STATINTL policy pronouncements. [____]Jis also saying that no one other 
than DIA has even started drafting implementers. Time is running 
out. The DCI has set 1 January 1981 as the start date for APEX. 

eva pe to meet that date and to have available a 'Iiow to" book, 


proposes adoption of the DIA implementing manual. 
5. We can argue on this one, but I don't see any reason 
to insist on more than reserving our vote of agreement or 
rejection until DIA floats its draft. 


6. In paragraph 5 I think it Ras setting up the DCI STATINTL 
and subsequently the Agency management, for a coming challenge 
to some of the DCID's. There is no doubt that APEX will require 
some review of DCID's and maybe some modification. For example, 
does it make continued sense to require all people he cleared 
for all data on a computer data base - as DCIf) 1/16 does? Have 
hardware or software controls and lockouts not progressed to 
some point where more security assurances can be given in 1980 
than could be given in 1974-78? In connection with NCID 1/14 - 

STATINTL { know that [___] has heard that the investigative criteria of 
that document has been liberally interpreted by DIS. He spoke 
of putting more DCI control in any revision. This leads him to 


Approved For Release 2006/01/03 : CIA-RDP82M00591R000200060046-5 


STATINTL 


Approved For,Belease 2006/01/03 : CIA-RDP82M00594R000200060046-5 


his mention of poly or no poly for contractors. Ile favors 
poly for all contractors and wants the DCI to support this 
issue fully throughout the community. But he is backing 

off from raising these issues at the meeting he wants to hold 
for CIA senior staff. 


7. In paragraph a shot at NSA and 
CIA as the principal creators 6 ifficulties because we impose 


more than DCID standards. 1 think he is addressing the need 
for uniform physical security standards which both NSA and CIA 
appear reluctant to support. ‘le may also be addressing the 


poly issue. But again, it is a reflection that there is 


reluctance in CIA to adopt and support_some_ aspects of the APEX 
single system. And that is the issue a enes to bring 


Betore the DCI. STATINTL 


STATINTL 
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